Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-18T20:30:13

Updated: 2024-08-03T06:17:54.175Z

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-29230

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-18T21:15:07.823

Modified: 2024-11-21T06:58:46.093

Link: CVE-2022-29230

cve-icon Redhat

No data.